Re: Doubt on KVM-88 vulnerabilities

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Asdo <asdo@shiftmail.org>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org
Subject: Re: Doubt on KVM-88 vulnerabilities
Date: Tue, 10 Nov 2009 12:10:34 +0100	[thread overview]
Message-ID: <4AF94A2A.2020302@shiftmail.org> (raw)
In-Reply-To: <4AF93AB8.3040504@redhat.com>

Avi Kivity wrote:
> I recommend to use distro-provided modules (or kernel.org kernels 
> within their support period) for production use.  This ensures you get 
> security and stability fixes.  kvm-89 will fix these issues, but as 
> it's a development snapshot, may introduce new issues.

This is interesting.

I prefer compiling from source especially for upgrading KVM on 
production systems, because then I do not need to upgrade the kernel 
(may introduce new stability issues on very new kernels) or the distro 
(may introduce LOTS of new changes and stability issues on production 
sytems). KVM is newer and evolves more rapidly than the kernel so it is 
more beneficial to upgrade KVM than the rest of the kernel or distro

However for compiling from source I would need to know which versions of 
KVM are "stable" and which are not.

I see the 89 you tell about, is not released yet:
http://sourceforge.net/projects/kvm/files/
So did you mean that 89 is not "yet" for production use or will "never" 
be for production use?

Are there versions number which are "stabilization" versions and others 
which are development, or they are all equal?

You know it would be great if the KVM versions would be versioned like 
the kernels, so that we could have kvm version 86.1, 86.2, 86.3 which 
would apply only the bug fixes and not new stuff which might be risky 
(i.e. no speed optimizations) so one willing to upgrade a production 
system could choose a somewhat older version with a higher bugfix 
version number.

In the past I chose the kvm-86 which had been just released (i.e. 
visible in http://sourceforge.net/projects/kvm/files/ ) but there was a 
bug on the CPU detection causing the message "This kernel requires an 
x86-64 CPU, but only detected an i686 CPU. \n Unable to boot - please 
use a kernel appropriate for your CPU.". I had to manually find and 
apply the patch 
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commitdiff;h=8fa3b3ce6e 
. Luckily this bug was discussed somewhere so I could find the patch.

Summing up, it would be great to have some maintained kvm versions...

BTW I do not know what are kvm-kmod's or qemu-kvm's downloadable from 
http://sourceforge.net/projects/kvm/files/ : I always compile the "kvm" 
from source.  Are those the solution to my problem? Where can I find 
info about the difference between the three?

Thank you

next prev parent reply	other threads:[~2009-11-10 11:10 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-11-08 18:42 Doubt on KVM-88 vulnerabilities Daniel Bareiro
2009-11-10 10:04 ` Avi Kivity
2009-11-10 11:10   ` Asdo [this message]
2009-11-10 12:03     ` Michael Tokarev
2009-11-10 14:19       ` Asdo
2009-11-10 14:42         ` Michael Tokarev
2009-11-10 15:05           ` Asdo
2009-11-10 16:25             ` Jan Kiszka
2009-12-14 11:08   ` Daniel Bareiro
2009-12-14 17:36     ` Daniel Bareiro
2009-12-14 18:39       ` Avi Kivity
2009-12-14 21:07         ` Daniel Bareiro
2009-12-15  1:56           ` Daniel Bareiro
2009-12-15 10:03           ` Avi Kivity
2009-12-14 18:38     ` Avi Kivity
2009-12-14 23:27       ` Daniel Bareiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4AF94A2A.2020302@shiftmail.org \
    --to=asdo@shiftmail.org \
    --cc=avi@redhat.com \
    --cc=kvm@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.